<!DOCTYPE html>
<html lang=zh>
<head>
  <meta charset="utf-8">
  
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no, minimal-ui">
  <meta name="renderer" content="webkit">
  <meta http-equiv="Cache-Control" content="no-transform" />
  <meta http-equiv="Cache-Control" content="no-siteapp" />
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black">
  <meta name="format-detection" content="telephone=no,email=no,adress=no">
  <!-- Color theme for statusbar -->
  <meta name="theme-color" content="#000000" />
  <!-- 强制页面在当前窗口以独立页面显示,防止别人在框架里调用页面 -->
  <meta http-equiv="window-target" content="_top" />
  
  
  <title>拼多多数据库解密 | Lee&#39;Blog</title>
  <meta name="description" content="0x00 拼多多数据库在拼多多数据库中其中的t_mall_conversation表中的message字段数据内容被加密了  提取相应的关键字：  t_mall_conversation message  0x01 逆向分析在其官网找到下载地址 1http:&#x2F;&#x2F;mcdn.yangkeduo.com&#x2F;android_dev&#x2F;2020-01-14&#x2F;b9">
<meta property="og:type" content="article">
<meta property="og:title" content="拼多多数据库解密">
<meta property="og:url" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html">
<meta property="og:site_name" content="Lee&#39;Blog 专注逆向、网络安全">
<meta property="og:description" content="0x00 拼多多数据库在拼多多数据库中其中的t_mall_conversation表中的message字段数据内容被加密了  提取相应的关键字：  t_mall_conversation message  0x01 逆向分析在其官网找到下载地址 1http:&#x2F;&#x2F;mcdn.yangkeduo.com&#x2F;android_dev&#x2F;2020-01-14&#x2F;b9">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119142603548.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119142907538.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119151434228.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119151637311.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119153147712.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119154305302.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119154332523.png">
<meta property="og:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119155717365.png">
<meta property="article:published_time" content="2020-01-08T06:22:52.000Z">
<meta property="article:modified_time" content="2020-08-01T14:37:54.964Z">
<meta property="article:author" content="Lee">
<meta property="article:tag" content="Android逆向">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119142603548.png">
  <!-- Canonical links -->
  <link rel="canonical" href="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html">
  
    <link rel="alternate" href="/atom.xml" title="Lee&#39;Blog 专注逆向、网络安全" type="application/atom+xml">
  
  
    <link rel="icon" href="/favicon.png" type="image/x-icon">
  
  
<link rel="stylesheet" href="/css/style.css">

  
  
  
    <link href="//cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.3.5/dist/jquery.fancybox.min.css" rel="stylesheet">
  
  
<meta name="generator" content="Hexo 4.2.0"></head>


<body class="main-center theme-green" itemscope itemtype="http://schema.org/WebPage">
  <header class="header" itemscope itemtype="http://schema.org/WPHeader">
  <div class="slimContent">
    <div class="navbar-header">
      
      
      <div class="profile-block text-center">
        <a id="avatar" href="https://github.com/cofess" target="_blank">
          <img class="img-circle img-rotate" src="/images/avatar.jpg" width="200" height="200">
        </a>
        <h2 id="name" class="hidden-xs hidden-sm">Lee</h2>
        <h3 id="title" class="hidden-xs hidden-sm hidden-md">专注逆向、网络安全</h3>
        <small id="location" class="text-muted hidden-xs hidden-sm"><i class="icon icon-map-marker"></i> Shenzhen, China</small>
      </div>
      
      <div class="search" id="search-form-wrap">

    <form class="search-form sidebar-form">
        <div class="input-group">
            <input type="text" class="search-form-input form-control" placeholder="搜索" />
            <span class="input-group-btn">
                <button type="submit" class="search-form-submit btn btn-flat" onclick="return false;"><i class="icon icon-search"></i></button>
            </span>
        </div>
    </form>
    <div class="ins-search">
  <div class="ins-search-mask"></div>
  <div class="ins-search-container">
    <div class="ins-input-wrapper">
      <input type="text" class="ins-search-input" placeholder="想要查找什么..." x-webkit-speech />
      <button type="button" class="close ins-close ins-selectable" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
    </div>
    <div class="ins-section-wrapper">
      <div class="ins-section-container"></div>
    </div>
  </div>
</div>


</div>
      <button class="navbar-toggle collapsed" type="button" data-toggle="collapse" data-target="#main-navbar" aria-controls="main-navbar" aria-expanded="false">
        <span class="sr-only">Toggle navigation</span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </button>
    </div>
    <nav id="main-navbar" class="collapse navbar-collapse" itemscope itemtype="http://schema.org/SiteNavigationElement" role="navigation">
      <ul class="nav navbar-nav main-nav ">
        
        
        <li class="menu-item menu-item-home">
          <a href="/.">
            
            <i class="icon icon-home-fill"></i>
            
            <span class="menu-title">首页</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-archives">
          <a href="/archives">
            
            <i class="icon icon-archives-fill"></i>
            
            <span class="menu-title">归档</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-categories">
          <a href="/categories">
            
            <i class="icon icon-folder"></i>
            
            <span class="menu-title">分类</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-tags">
          <a href="/tags">
            
            <i class="icon icon-tags"></i>
            
            <span class="menu-title">标签</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-repository">
          <a href="/repository">
            
            <i class="icon icon-project"></i>
            
            <span class="menu-title">项目</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-links">
          <a href="/links">
            
            <i class="icon icon-friendship"></i>
            
            <span class="menu-title">友链</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-about">
          <a href="/about">
            
            <i class="icon icon-cup-fill"></i>
            
            <span class="menu-title">关于</span>
          </a>
        </li>
        
      </ul>
      
	
    <ul class="social-links">
    	
        <li><a href="https://github.com" target="_blank" title="Github" data-toggle=tooltip data-placement=top><i class="icon icon-github"></i></a></li>
        
        <li><a href="https://twitter.com" target="_blank" title="Twitter" data-toggle=tooltip data-placement=top><i class="icon icon-twitter"></i></a></li>
        
        <li><a href="/atom.xml" target="_blank" title="Rss" data-toggle=tooltip data-placement=top><i class="icon icon-rss"></i></a></li>
        
    </ul>

    </nav>
  </div>
</header>

  
    <aside class="sidebar" itemscope itemtype="http://schema.org/WPSideBar">
  <div class="slimContent">
    
      <div class="widget">
    <h3 class="widget-title">公告</h3>
    <div class="widget-body">
        <div id="board">
            <div class="content">
                <p>欢迎交流与分享经验!</p>
            </div>
        </div>
    </div>
</div>

    
      
  <div class="widget">
    <h3 class="widget-title">分类</h3>
    <div class="widget-body">
      <ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/%E6%B8%97%E9%80%8F/">渗透</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E9%80%86%E5%90%91/">逆向</a><span class="category-list-count">4</span></li></ul>
    </div>
  </div>


    
      
  <div class="widget">
    <h3 class="widget-title">标签</h3>
    <div class="widget-body">
      <ul class="tag-list" itemprop="keywords"><li class="tag-list-item"><a class="tag-list-link" href="/tagsssss/Android%E9%80%86%E5%90%91/" rel="tag">Android逆向</a><span class="tag-list-count">1</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tagsssss/PC%E9%80%86%E5%90%91/" rel="tag">PC逆向</a><span class="tag-list-count">1</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tagsssss/Web%E6%B8%97%E9%80%8F/" rel="tag">Web渗透</a><span class="tag-list-count">1</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tagsssss/iOS%E9%80%86%E5%90%91/" rel="tag">iOS逆向</a><span class="tag-list-count">2</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tagsssss/%E5%86%85%E7%BD%91%E6%94%BB%E9%98%B2/" rel="tag">内网攻防</a><span class="tag-list-count">1</span></li></ul>
    </div>
  </div>


    
      
  <div class="widget">
    <h3 class="widget-title">标签云</h3>
    <div class="widget-body tagcloud">
      <a href="/tagsssss/Android%E9%80%86%E5%90%91/" style="font-size: 13px;">Android逆向</a> <a href="/tagsssss/PC%E9%80%86%E5%90%91/" style="font-size: 13px;">PC逆向</a> <a href="/tagsssss/Web%E6%B8%97%E9%80%8F/" style="font-size: 13px;">Web渗透</a> <a href="/tagsssss/iOS%E9%80%86%E5%90%91/" style="font-size: 14px;">iOS逆向</a> <a href="/tagsssss/%E5%86%85%E7%BD%91%E6%94%BB%E9%98%B2/" style="font-size: 13px;">内网攻防</a>
    </div>
  </div>

    
      
  <div class="widget">
    <h3 class="widget-title">归档</h3>
    <div class="widget-body">
      <ul class="archive-list"><li class="archive-list-item"><a class="archive-list-link" href="/archives/2020/06/">六月 2020</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2020/02/">二月 2020</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2020/01/">一月 2020</a><span class="archive-list-count">5</span></li></ul>
    </div>
  </div>


    
      
  <div class="widget">
    <h3 class="widget-title">最新文章</h3>
    <div class="widget-body">
      <ul class="recent-post-list list-unstyled no-thumbnail">
        
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/%E9%80%86%E5%90%91/">逆向</a>
              </p>
              <p class="item-title">
                <a href="/iOS%E5%BA%94%E7%94%A8%E9%80%86%E5%90%91%E4%B8%8E%E5%AE%89%E5%85%A8-WhatsApp%E5%88%86%E6%9E%90.html" class="title">iOS应用逆向与安全-WhatsApp防撤回开发</a>
              </p>
              <p class="item-date">
                <time datetime="2020-06-29T04:32:31.000Z" itemprop="datePublished">2020-06-29</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/%E9%80%86%E5%90%91/">逆向</a>
              </p>
              <p class="item-title">
                <a href="/iOS13-%E5%8A%A8%E6%80%81%E8%B0%83%E8%AF%95%E9%85%8D%E7%BD%AE%E4%B9%8Bdebugserver.html" class="title">iOS13 动态调试配置之debugserver</a>
              </p>
              <p class="item-date">
                <time datetime="2020-02-06T09:30:34.000Z" itemprop="datePublished">2020-02-06</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/%E9%80%86%E5%90%91/">逆向</a>
              </p>
              <p class="item-title">
                <a href="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html" class="title">拼多多数据库解密</a>
              </p>
              <p class="item-date">
                <time datetime="2020-01-08T06:22:52.000Z" itemprop="datePublished">2020-01-08</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/%E6%B8%97%E9%80%8F/">渗透</a>
              </p>
              <p class="item-title">
                <a href="/mimikatz%E7%A0%B4%E8%A7%A3Windows%E7%99%BB%E9%99%86%E5%AF%86%E7%A0%81.html" class="title">Mimikatz破解Windows登陆密码</a>
              </p>
              <p class="item-date">
                <time datetime="2020-01-07T04:50:11.000Z" itemprop="datePublished">2020-01-07</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/%E6%B8%97%E9%80%8F/">渗透</a>
              </p>
              <p class="item-title">
                <a href="/%E7%86%AC%E5%A4%9C%E4%B9%8B%E5%B9%B2JS%E5%8A%A0%E5%AF%86.html" class="title">熬夜之干JS加密</a>
              </p>
              <p class="item-date">
                <time datetime="2020-01-07T03:59:36.000Z" itemprop="datePublished">2020-01-07</time>
              </p>
            </div>
          </li>
          
      </ul>
    </div>
  </div>
  

    
  </div>
</aside>

  
  
<main class="main" role="main">
  <div class="content">
  <article id="post-拼多多数据库解密" class="article article-type-post" itemscope itemtype="http://schema.org/BlogPosting">
    
    <div class="article-header">
      
        
  
    <h1 class="article-title" itemprop="name">
      拼多多数据库解密
    </h1>
  

      
      <div class="article-meta">
        <span class="article-date">
    <i class="icon icon-calendar-check"></i>
	<a href="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html" class="article-date">
	  <time datetime="2020-01-08T06:22:52.000Z" itemprop="datePublished">2020-01-08</time>
	</a>
</span>
        
  <span class="article-category">
    <i class="icon icon-folder"></i>
    <a class="article-category-link" href="/categories/%E9%80%86%E5%90%91/">逆向</a>
  </span>

        
  <span class="article-tag">
    <i class="icon icon-tags"></i>
	<a class="article-tag-link" href="/tagsssss/Android%E9%80%86%E5%90%91/" rel="tag">Android逆向</a>
  </span>


        

        <span class="post-comment"><i class="icon icon-comment"></i> <a href="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html#comments" class="article-comment-link">评论</a></span>
        
      </div>
    </div>
    <div class="article-entry marked-body" itemprop="articleBody">
      
        <h2 id="0x00-拼多多数据库"><a href="#0x00-拼多多数据库" class="headerlink" title="0x00 拼多多数据库"></a>0x00 拼多多数据库</h2><p>在拼多多数据库中其中的<code>t_mall_conversation</code>表中的<code>message</code>字段数据内容被加密了</p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119142603548.png" alt="image-20200119142603548"></p>
<p>提取相应的关键字：</p>
<blockquote>
<p>t_mall_conversation</p>
<p>message</p>
</blockquote>
<h2 id="0x01-逆向分析"><a href="#0x01-逆向分析" class="headerlink" title="0x01 逆向分析"></a>0x01 逆向分析</h2><p>在其官网找到下载地址</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">http:&#x2F;&#x2F;mcdn.yangkeduo.com&#x2F;android_dev&#x2F;2020-01-14&#x2F;b9af6563fb99283df18cbdedddef1e68.apk</span><br></pre></td></tr></table></figure>

<h4 id="查壳"><a href="#查壳" class="headerlink" title="查壳"></a>查壳</h4><p>先用Android APK查壳工具，对拼多多APK进行查壳。如果有被加固需要进行下一步的脱壳操作，如下图：拼多多APK并未被加固。</p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119142907538.png" alt="image-20200119142907538"></p>
<h4 id="反编译、关键字定位"><a href="#反编译、关键字定位" class="headerlink" title="反编译、关键字定位"></a>反编译、关键字定位</h4><p>根据关键字<code>t_mall_conversation</code>定位到处理该表与<code>message</code>加密字段的类。</p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119151434228.png" alt="image-20200119151434228"></p>
<p>在该类下继续找到<code>getMessage</code> 与 <code>setMessage</code>方法，其中getMessage为获取Pdd数据库t_mall_conversation表中Message的字段（所以解密函数也在该方法中），而setMessage为相反的设置Message字段的内容（加密函数在该方法中）。</p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119151637311.png" alt="image-20200119151637311"></p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">a.b(message) <span class="comment">//解密函数</span></span><br><span class="line">a.a(str)     <span class="comment">//加密函数</span></span><br></pre></td></tr></table></figure>



<h4 id="反编译、加密算法解析"><a href="#反编译、加密算法解析" class="headerlink" title="反编译、加密算法解析"></a>反编译、加密算法解析</h4><p>采用AES加密算法，向量为{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}，密钥为用户UID的MD5加密取前16位，UID的值在<code>data/data/com.xunmeng.pinduoduo/files/pinUserFile</code>文件中。</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">IV = <span class="keyword">new</span> <span class="keyword">byte</span> &#123;<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>,<span class="number">0</span>&#125;;</span><br><span class="line"></span><br><span class="line">uid = <span class="number">5564948642776</span>;</span><br><span class="line">MD5(uid) = <span class="number">479</span>EE2A088591D9856CCDC451C1B4515;</span><br><span class="line">KEY = <span class="number">479</span>EE2A088591D98;</span><br></pre></td></tr></table></figure>



<p>AES加密算法</p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119153147712.png" alt="image-20200119153147712"></p>
<p>UID值</p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119154305302.png" alt="image-20200119154305302"></p>
<p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119154332523.png" alt="image-20200119154332523"></p>
<h4 id="POC-编写、破解过程验证"><a href="#POC-编写、破解过程验证" class="headerlink" title="POC 编写、破解过程验证"></a>POC 编写、破解过程验证</h4><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> android.util.Base64;</span><br><span class="line"><span class="keyword">import</span> java.security.Key;</span><br><span class="line"><span class="keyword">import</span> javax.crypto.Cipher;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment">//解密函数</span></span><br><span class="line"> <span class="function"><span class="keyword">public</span>  String <span class="title">PddMsgDecrypt</span><span class="params">(String msg)</span> </span>&#123;</span><br><span class="line">        <span class="keyword">if</span> (TextUtils.isEmpty(msg)) &#123;</span><br><span class="line">            <span class="keyword">return</span> msg;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="comment">//MD5加密(uid)</span></span><br><span class="line">        String md5Text = MD5Utils.digest(<span class="string">"5564948642776"</span>);</span><br><span class="line">        <span class="keyword">if</span> (TextUtils.isEmpty(md5Text)) &#123;</span><br><span class="line">            <span class="keyword">return</span> msg;</span><br><span class="line">        &#125;</span><br><span class="line"></span><br><span class="line">        <span class="comment">//IV</span></span><br><span class="line">        <span class="keyword">byte</span>[] iv = <span class="keyword">new</span> <span class="keyword">byte</span>[]&#123;<span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>&#125;;</span><br><span class="line">        <span class="comment">//KEY 取MD5前16位</span></span><br><span class="line">        <span class="keyword">byte</span>[] key = md5Text.substring(<span class="number">0</span>,<span class="number">16</span>).getBytes();</span><br><span class="line"></span><br><span class="line">        <span class="comment">//AES解密</span></span><br><span class="line">        <span class="keyword">try</span>&#123;</span><br><span class="line">            SecretKeySpec v1 = <span class="keyword">new</span> SecretKeySpec(key, <span class="string">"AES"</span>);</span><br><span class="line">            IvParameterSpec v0_2 = <span class="keyword">new</span> IvParameterSpec(iv);</span><br><span class="line">            Cipher v2 = Cipher.getInstance(<span class="string">"AES/CBC/PKCS5Padding"</span>);</span><br><span class="line">            v2.init(<span class="number">2</span>, ((Key)v1), ((AlgorithmParameterSpec)v0_2));</span><br><span class="line">            <span class="keyword">return</span> <span class="keyword">new</span> String(v2.doFinal(Base64.decode(msg, <span class="number">2</span>)));</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">catch</span>(Throwable unstd) &#123;</span><br><span class="line">            Log.v(<span class="string">"Lee"</span>, <span class="string">"Fail to decrypt data with aes key through java"</span>);</span><br><span class="line">            <span class="keyword">return</span> msg;</span><br><span class="line">        &#125;</span><br><span class="line">     </span><br><span class="line"><span class="comment">//POC 破解过程验证</span></span><br><span class="line">PddMsgDecrypt(<span class="string">"fKt3i73/hNjTPjEL/AIFhMLxuEd1XX0p9sfQ7++CPjgnTDnRzG+1dsiZ6S4f5/HlfCw4XL3/Oisudg2I+i2maQzjaoRGxa0iCtCWrKLwbZU5zkt4J0JCKtV3CZC5JQeVvfn++p8EjsHluhwidX7zg8hqA3wueZYUmwfHdyzMUultYeNOLYDfcmYXHhaFet0NUNvUKaBvwDZm2ah6Drpo9W1UK9GN6rntX58idkPULZnzZErIGHCnPIpJ5cVb8sIAo6iLOMSPPTmGyePfx35veXKVFm38u7o8jkWKOCFC6puHncyFu53f/wBNa0LmQINq5Qf62mgZFbXY+lcT9g+vqVhaW7oA2OsJh7bp+1Xrwv0OdZE1B04bFnpP14Z/1INz3MeMMutA48DoCDyJ2jqQTzFv94WiCnLTtFdoGpIy5bAFMg4zRwzyRYo5Z2kD2+EeyF/lXS+r3QBOACJrw3LEx1kLglyfSqJbdJU9CbQGNmCciZ5ec/glTHRvtefNIe2KHYYMPupxbwHbWHSSQCDyL5IgnfAbTc0jMk82KKlk2LyrlJxeTo4s5yk4njnAhLesGoaGfevnnpx12Unk3FpcQ+rrNC+zMjsjXM5wL5ly8o21x/KLAlGsOfM4YSJaH9f4QS3xU1x8jKZMDYr3LnBcNOU+5dRp3gUdEUFJgDN5wUhsjw5UyPDGZmETHG+pJOt8z9kOOJeuldOEfAAx7sJEor8dM6qJwGLI43LnapnwWYXeAkMfH7pR8coD6IrZgJW9sjt6EoFJa7NU1JTykSP3T7okQyEvk8fVdcHF+Hf6BawhXC2Xy6bWmymQKFXJhhzUeJeQEzZi9FU+TqyeTc7AYCYzrsHsjBHnJxC+P4hdexJXYDCue3qxsrz4zC3R+ZE50QpPUTjdrY3bmUmhk+RxgnUp+TpsUhVbb2p/m4017SWGJV+XPPdnG21uGoxcmNHwGN78jWmkI8kg/09+vBiqV4X8U8tXaD2dHKtJf5ZOr7nyADsqekX6EVrCXcKVlecGHvs0zJgScxb9fTS6bEfa2TW+4aZPVD/Zd9gK7+LD/kP0Lupx+9gQPTO4ElCVJ/hoYD2sBhc7Mmu9iLNKuTHOZ8pidvIoyEMj/4/CyZRUoS2eifc+L39xyEnB/P9+2k+a/xTS3gvkfYAD+OIUbok4uU0K1Rko1SLPoNdcxDOmbbcAl8oDOWH7Qd/qTfj4PQ3weIEgV6/p5ZZkPQi8UJi2Z21UO5M4aOyJVugwcDHvEAyJiVaOAPHd7I4CNj5B0LETEhc4NlOqoN2GvF9ztqdkk03Neb1YCZGT+Lgv8mzumyOccOM/K2wQfS7s9iNU4uGskFGYxUXOBhHLaRARhHny/EFiSbvZOtkqKEA9uRupHDjRzW+1ubRJfF++EubkwpvSQVhJfLZa4AWUS3PFUHP1cnwfwUUEKzaFXSLu6F+sPBb796KxK+Ulr7W8lBRsdmHZL60b7Zz582HAZnx+JFUcjiJKlqy2JqcEEyJAQ4S5B2M1WvFWCkQfaBrGrcd32WIGcEhL7ee5AhNLD+f8hfYwQXm2JLwWA9zg87Lt6MgQvumyjzKfH4NP9UTHuthcI3eM+AKHZoHXNeKVBEmvSApHUs5zQ44xwIfXby/m9pMBrRc/Wl+wHc80SGngLfK3JSmbD9KcTVxPez6qzjBUOlL2dZix5BY4pLZKCQhplMV9FljpTkweBxB8ya75vigSDveW6pcPtnxH4a23kuV3TP/6ba4k8cf40kWPXlx3RmZObp6c71Q69kSAnmtPi0O5bguSvBY/cnYHxyLj6OsflgEVYIECqOVPoioPeJ/0nAPMO2cs2cbsMRFqeWsYGUeFsu4tkeU21r8/G/FyR9CjCN7VX9ny0u37y1iVa6eh3TouzyP1CY7iZBo2NtR87cCqckAV9QphlK/FkZ5+IqkWohMHLyds+ezigvmHNaz4MQQ+QU7SIaHX/+juOxGcO8Gj83lb/n99FCx5Oyi58NfCRaocxsfFDQqoCOjrWs/ig+WTm6E="</span>);</span><br></pre></td></tr></table></figure>





<h4 id="验证成功、成功解密"><a href="#验证成功、成功解密" class="headerlink" title="验证成功、成功解密"></a>验证成功、成功解密</h4><p><img src="/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86/image-20200119155717365.png" alt="image-20200119155717365"></p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">&#123;&quot;auto_click&quot;:1,&quot;content&quot;:&quot;亲，欢迎来到拼多多，今后您在拼多多遇到的任何问题都可以咨询我哦～快快开启“多实惠，多乐趣”的购物之旅吧！&quot;,&quot;from&quot;:&#123;&quot;mall_id&quot;:&quot;606&quot;,&quot;role&quot;:&quot;mall_cs&quot;,&quot;uid&quot;:&quot;606&quot;&#125;,&quot;is_aut&quot;:0,&quot;is_rich_text&quot;:1,&quot;mallName&quot;:&quot;拼多多官方客服&quot;,&quot;msg_id&quot;:&quot;1579261690080&quot;,&quot;rich_text&quot;:&#123;&quot;content&quot;:[&#123;&quot;text&quot;:&quot;亲，欢迎来到拼多多，今后您在拼多多遇到的任何问题都可以咨询我哦～快快开启“多实惠，多乐趣”的购物之旅吧！&quot;,&quot;type&quot;:&quot;text&quot;&#125;,&#123;&quot;click_action&quot;:&#123;&quot;name&quot;:&quot;send_message&quot;,&quot;params&quot;:&#123;&quot;content&quot;:&quot;如何搜索商品&quot;&#125;&#125;,&quot;hide&quot;:0,&quot;text&quot;:&quot;如何搜索商品&quot;,&quot;type&quot;:&quot;menu_item&quot;&#125;,&#123;&quot;click_action&quot;:&#123;&quot;name&quot;:&quot;send_message&quot;,&quot;params&quot;:&#123;&quot;content&quot;:&quot;怎么在拼多多下单&quot;&#125;&#125;,&quot;hide&quot;:0,&quot;text&quot;:&quot;怎么在拼多多下单&quot;,&quot;type&quot;:&quot;menu_item&quot;&#125;,&#123;&quot;click_action&quot;:&#123;&quot;name&quot;:&quot;send_message&quot;,&quot;params&quot;:&#123;&quot;content&quot;:&quot;下单后如何支付&quot;&#125;&#125;,&quot;hide&quot;:0,&quot;text&quot;:&quot;下单后如何支付&quot;,&quot;type&quot;:&quot;menu_item&quot;&#125;,&#123;&quot;click_action&quot;:&#123;&quot;name&quot;:&quot;send_message&quot;,&quot;params&quot;:&#123;&quot;content&quot;:&quot;哪里可以看到我的订单&quot;&#125;&#125;,&quot;hide&quot;:0,&quot;text&quot;:&quot;哪里可以看到我的订单&quot;,&quot;type&quot;:&quot;menu_item&quot;&#125;,&#123;&quot;click_action&quot;:&#123;&quot;name&quot;:&quot;send_message&quot;,&quot;params&quot;:&#123;&quot;content&quot;:&quot;拼多多有哪些活动&quot;&#125;&#125;,&quot;hide&quot;:0,&quot;text&quot;:&quot;拼多多有哪些活动&quot;,&quot;type&quot;:&quot;menu_item&quot;&#125;],&quot;template&quot;:&quot;text_with_menu_items&quot;,&quot;version&quot;:1&#125;,&quot;status&quot;:&quot;unread&quot;,&quot;template_name&quot;:&quot;parrot_rich_text_with_menu_item&quot;,&quot;to&quot;:&#123;&quot;role&quot;:&quot;user&quot;,&quot;uid&quot;:&quot;5564948642776&quot;&#125;,&quot;ts&quot;:&quot;1579261690&quot;,&quot;type&quot;:0,&quot;unread_count&quot;:1,&quot;user_has_read&quot;:true&#125;</span><br></pre></td></tr></table></figure>


      
    </div>
    <div class="article-footer">
      <blockquote class="mt-2x">
  <ul class="post-copyright list-unstyled">
    
    <li class="post-copyright-link hidden-xs">
      <strong>本文链接：</strong>
      <a href="https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html" title="拼多多数据库解密" target="_blank" rel="external">https://vxer-lee.github.io/%E6%8B%BC%E5%A4%9A%E5%A4%9A%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A7%A3%E5%AF%86.html</a>
    </li>
    
    <li class="post-copyright-license">
      <strong>版权声明： </strong> 本博客所有文章除特别声明外，均采用 <a href="http://creativecommons.org/licenses/by/4.0/deed.zh" target="_blank" rel="external">CC BY 4.0 CN协议</a> 许可协议。转载请注明出处！
    </li>
  </ul>
</blockquote>


<div class="panel panel-default panel-badger">
  <div class="panel-body">
    <figure class="media">
      <div class="media-left">
        <a href="https://github.com/cofess" target="_blank" class="img-burn thumb-sm visible-lg">
          <img src="/images/avatar.jpg" class="img-rounded w-full" alt="">
        </a>
      </div>
      <div class="media-body">
        <h3 class="media-heading"><a href="https://github.com/cofess" target="_blank"><span class="text-dark">Lee</span><small class="ml-1x">专注逆向、网络安全</small></a></h3>
        <div>擅长iOS、Windows逆向，爱好渗透攻防。</div>
      </div>
    </figure>
  </div>
</div>


    </div>
  </article>
  
    
  <section id="comments">
  	
      <div id="vcomments"></div>
    
  </section>


  
</div>

  <nav class="bar bar-footer clearfix" data-stick-bottom>
  <div class="bar-inner">
  
  <ul class="pager pull-left">
    
    <li class="prev">
      <a href="/iOS13-%E5%8A%A8%E6%80%81%E8%B0%83%E8%AF%95%E9%85%8D%E7%BD%AE%E4%B9%8Bdebugserver.html" title="iOS13 动态调试配置之debugserver"><i class="icon icon-angle-left" aria-hidden="true"></i><span>&nbsp;&nbsp;上一篇</span></a>
    </li>
    
    
    <li class="next">
      <a href="/mimikatz%E7%A0%B4%E8%A7%A3Windows%E7%99%BB%E9%99%86%E5%AF%86%E7%A0%81.html" title="Mimikatz破解Windows登陆密码"><span>下一篇&nbsp;&nbsp;</span><i class="icon icon-angle-right" aria-hidden="true"></i></a>
    </li>
    
    
  </ul>
  
  
  
  <div class="bar-right">
    
    <div class="share-component" data-sites="qq,wechat" data-mobile-sites="qq,wechat"></div>
    
  </div>
  </div>
</nav>
  


</main>

  <footer class="footer" itemscope itemtype="http://schema.org/WPFooter">
	
	
    <ul class="social-links">
    	
        <li><a href="https://github.com" target="_blank" title="Github" data-toggle=tooltip data-placement=top><i class="icon icon-github"></i></a></li>
        
        <li><a href="https://twitter.com" target="_blank" title="Twitter" data-toggle=tooltip data-placement=top><i class="icon icon-twitter"></i></a></li>
        
        <li><a href="/atom.xml" target="_blank" title="Rss" data-toggle=tooltip data-placement=top><i class="icon icon-rss"></i></a></li>
        
    </ul>

    <div class="copyright">
    	
        <div class="publishby">
        	Theme by <a href="https://github.com/cofess" target="_blank"> cofess </a>base on <a href="https://github.com/cofess/hexo-theme-pure" target="_blank">pure</a>.
        </div>
    </div>
</footer>
  <script src="//cdn.jsdelivr.net/npm/jquery@1.12.4/dist/jquery.min.js"></script>
<script>
window.jQuery || document.write('<script src="js/jquery.min.js"><\/script>')
</script>

<script src="/js/plugin.min.js"></script>


<script src="/js/application.js"></script>


    <script>
(function (window) {
    var INSIGHT_CONFIG = {
        TRANSLATION: {
            POSTS: '文章',
            PAGES: '页面',
            CATEGORIES: '分类',
            TAGS: '标签',
            UNTITLED: '(未命名)',
        },
        ROOT_URL: '/',
        CONTENT_URL: '/content.json',
    };
    window.INSIGHT_CONFIG = INSIGHT_CONFIG;
})(window);
</script>

<script src="/js/insight.js"></script>






   




   
    
  <script src="//cdn1.lncld.net/static/js/3.0.4/av-min.js"></script>
  <script src="//cdn.jsdelivr.net/npm/valine"></script>
  <script type="text/javascript">
  var GUEST = ['nick', 'mail', 'link'];
  var meta = 'nick,mail,link';
  meta = meta.split(',').filter(function(item) {
    return GUEST.indexOf(item) > -1;
  });
  new Valine({
    el: '#vcomments',
    verify: false,
    notify: false,
    appId: '',
    appKey: '',
    placeholder: 'Just go go',
    avatar: 'mm',
    meta: meta,
    pageSize: '10' || 10,
    visitor: false
  });
  </script>

     



  <script src="//cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.3.5/dist/jquery.fancybox.min.js"></script>
  <script>
  //利用 FancyBox 实现点击图片放大
  $(document).ready(function() {
    $('article img').not('[hidden]').not('.panel-body img').each(function() {
      var $image = $(this);
      var imageCaption = $image.attr('alt');
      var $imageWrapLink = $image.parent('a');
      if ($imageWrapLink.length < 1) {
        var src = this.getAttribute('src');
        var idx = src.lastIndexOf('?');
        if (idx != -1) {
          src = src.substring(0, idx);
        }
        $imageWrapLink = $image.wrap('<a href="' + src + '"></a>').parent('a');
      }
      $imageWrapLink.attr('data-fancybox', 'images');
      if (imageCaption) {
        $imageWrapLink.attr('data-caption', imageCaption);
      }
    });
    $().fancybox({
      selector: '[data-fancybox="images"]',
      hash: false,
      loop: false,
    });
  });
  </script>





</body>
</html>